N

2 Messages

 • 

182 Points

Wed, May 5, 2021 8:12 AM

cloudpath property management user traffic profile

Hello,

Is there any way to select different user traffic profiles (smartzone) when creating users based on cloudpath property management system?

Thanks.

Responses

Accepted Solution

Employee

 • 

17 Messages

 • 

262 Points

5 m ago

Hi Norbert,

 

Yes, you can use the Policy engine in Cloudpath to return a different user-role to SmartZone.  You can use the UNIT name as the DPSK reference name in a policy.  Using that policy, you can provide different Filter ID’s back to SmartZone.

 

I have a guide here, that will show an example of providing a Bronze level of service to users (25 Mbps up and down) vs Gold level of service (100 Mbps up and down) to users, but the user roles can be defined however you need to in SmartZone.

 

Let us use an example of a Bronze vs Gold service.

Overview:

 

In Cloudpath we will create units and pre-pend that unit with a service level bronze vs gold.

In Cloudpath we will create a policy that returns the Ruckus-User-Group as "bronze" to SmartZone and likewise for "Gold"

In SmartZone we will create two Traffic Profiles; Bronze giving 25 Mbps up and 25 Mbps down, and Gold giving 100 Mbps up and 100 Mbps down.

 

Cloudpath; create a bronze and a gold unit.

  1. Click on Managed Access | Property Management
  2. Click on the property that you want to change a unit to
  3. Click on Units Tab
  4. Create a Unit; pre-pend the word “bronze” in the unit number:

 

  1. Do the same for a “gold” unit:

If you look at the bronze unit, you can see that the DPSK reference name is named as <property_name>_<unit number>.  We can use this value to build a RADIUS DPSK policy on:

 

 

 

In Cloudpath, let’s create 2 RADIUS policies to return the user-role to SmartZone

  1. Click on Configuration | Policies
  2. Click the RADIUS Attribute Groups Tab

 

 

 

  1. Click on Add RADIUS Attribute Group

 

 

 

  1. Create a attribute group that returns the “Filter ID” as “bronze”

 

  1. Click on Save
  2. Let’s do another policy for “gold”, so click on “Add RADIUS Attribute Group” again
  3. Create a gold attribute group that returns the “Filter ID” as “gold”

 

 

 

  1. Click on Save
  2. Click the Policies Tab | Add Policy

 

 

  1. Create a “bronze_policy” that returns the Bronze Attribute group that you just created. We are going to use the DPSK reference name for the Unit (remember, we pre-pended the word “bronze” to it):
  2. Make sure that you have a “.*” at the beginning and end, which means, match anything, then the word bronze, and match anything after that. This is REGEX, and I typically use a few different sites to test these things.
  3. Make sure that you select the correct RADIUS attribute group you just created for BRONZE
  4. Click on Save.

 

NOTE:

To test REGEX, I like to use “https://regex101.com”; this can help with syntax, example; lets make sure the regex I wrote will catch the DPSK reference name of the bronze unit and not the gold unit:

 

 

We can see that the REGEX will only match the first entry.

 

  1. Lets do a policy for “gold” users

 

 

  1. Click on Save
  2. You should have 2 policies now:

 

  1. Let’s apply the policies to your DPSK pools, click on Configuration | DPSK Pools
  2. Click the wrench beside you DPSK pool for the unit
  3. Click the RADIUS Policies tab
  4. Click on “+ Assign Policy” button
  5. Select the Bronze Policy and click on Save

 

 

  1. Do the same for the gold policy
  2. You should have 2 policies now

 

 

 

SmartZone:

Now that Cloudpath is setup with policies to return a different Filter ID to SmartZone, SmartZone has to be configured  to take that value and apply it to a user role.

 

  1. In SmartZone, edit the Cloudpath Authentication Server
  2. Scroll to the bottom of the Cloudpath Authentication server window to “User Role Mapping”
  3. Click on the Create button

 

 

  1. The Group Attribute Value MUST match the Filter ID returned from Cloudpath (“bronze”):

 

  1. Click on the + button to setup your parameters for the user.
  2. We are going to add a role name of “bronze_units” and add a firewall profile for 25 Mbps service

 

  1. Click on OK
  2. Click on OK
  3. Click on OK to return to the user Role Mapping screen
  4. Create another one for “gold” with 100 Mbps FW traffic profile
  5. Group attribute Value needs to match the “Filter ID” returned from Cloudpath, in our case “gold”

 

  1. Create a User Role and a FW profile like we did for bronze, but for 100 Mbps service

 

  1. Click on OK
  2. Click on OK
  3. Click on OK
  4. You should have two user-role mappings

 

  1. Click on OK to close the Cloudpath Authentication Server.

 

 

Testing!

 

You can test this using the CCD of SmartZone:

 

  1. Example of a “bronze” unit returned Filter ID attribute:

 

You can see the radius policy being hit in Cloudpath:

 

 

 

 

 

 

 

 

 

 

 

2 Messages

 • 

182 Points

Hello Christopher,
Thank you for your reply and detailed guide.


I did actually manage to create a similar solution. But I put all the units in the regex as a list, like this:


\b(?:unit1|unit2|unit3|unit4)\b

This will of course become an operational nightmare since you have to move users in and out of the different list when they change there subscription (could possible automate this with API). I was afraid that your solution would make a new DPSK for the tenant so they would need to change password (or change it back in the tenant portal). But i noticed that the DPSK also change name when you change unit name. So I prefer your solution. Thanks.

Important Announcement